External Information System Services

class

Management

family

System and Services Acquisition

number

SA-9

priority

P1

impact

LOW_MODERATE_HIGH

The organization: Requires that providers of external information system services comply with organizational information security requirements and employ appropriate security controls in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance; Defines and documents government oversight and user roles and responsibilities with regard to external information system services; and Monitors security control compliance by external service providers.

Comments